littleninja2

ok, it actually seems that the reason was a vulnerability present in the version 1.4.2 of this plugin.

After the release of a fix in version 1.4.3, hackers stated to target previous versions.

Please see here for full details:
https://www.wpgdprc.com/wp-gdpr-compliance-1-4-3-security-release/

That means two things:
– In theory, version 1.4.3 is safe
– If you’ve had version 1.4.2 installed, you’re in serious risk that your site has been hacked, even if you’ve already upgraded. If this is the case, you should try to restore a backup of your site prior to November 6th.

I had a similar problem as reported Ingo311: a number of Administator users appeared, shortly after upgrading the plugin to version 1.4.3.

I can not 100% assure that the security breach was due to this plugin but I can definitely say this is the prime suspect.

We have restored a backup of the website and removed the plugin. Hopefully this will solve the problem.

RECOMMENDATIONS IF YOU THINK YOUR SITE HAS SUFFERED A SIMILAR PROBLEM:

• If possible, try to restore a backup of the site, prior to upgrading to version 1.4.3 of this plugin.
• Remove any illegitimate users (WordPress > Users)
• Reset passwords for all remaining users
• Check if your site allows anyone to register (Settings > General > Membership)
• Check user’s default role (Settings > General > New user default role)
• Recommended: install and configure a reliable security plugin (I recommend WordFence)

All the best!

• This reply was modified 6 years, 3 months ago by littleninja2.
• This reply was modified 6 years, 3 months ago by littleninja2.
• This reply was modified 6 years, 3 months ago by littleninja2.

thanks!!

Hi @arcadiastudio,

I believe this should work for you:
https://www.ads-software.com/support/topic/latest-version-not-working-quick-fix/